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SYSTEM AND METHOD FOR A 
MULTI-LAYER NETWORK ELEMENT 

FIELD OF THE INVENTION 

The present invention relates in general to packet for- 
warding within a network and, in particular, to a system and 
method for forwarding packets using multi-layer informa- 
tion. 

BACKGROUND OF THE INVENTION 

Communication between computers has become an 
important aspect of everyday life in both private and busi- 
ness environments. Networks provide a medium for this 
communication and further for communication between 
various types of elements connected to the network such as 
servers, personal computers, workstations, memory storage 
systems, or any other component capable of receiving or 
transmitting data to or from the network. The elements 
communicate with each other using defined protocols that 
define the orderly transmission and receipt of information. 
In general, the elements view the network as a cloud to 
which they are attached and for the most part do not need to 
know the details of the network architecture such as how the 
network operates or how it is implemented. Ideally, any 
network architecture should support a wide range of appli- 
cations and allow a wide range of underlying technologies. 
The network architecture should also work well for very 
large networks, be efficient for small networks, and adapt to 
changing network conditions. 

Networks can be generally be differentiated based on their 
size. At the lower end, a local area networif (LAN) describes 
a network having characteristics including multiple systems 
attached to a shared medium, high total bandwidth, low 
delay, low error rates, broadcast capability, limited 
geography, and a limited number of stations, and are gen- 
erally not subject to post, telegraph, and telephone regula- 
tion. At the upper end, an enterprise network describes 
connections of wide area networks and LANs connecting 
diverse business units within a geographically diverse busi- 
ness organization. 

To facilitate communication within larger networks, the 
networks are typically partitioned into subnetworks, each 
sharing some common characteristic such as geographical 
location or functional purpose, for example. The partitioning 
serves two main purposes: to break the whole network down 
into manageable parts and to logically (or physically) group 
users of the network. Network addressing schemes may take 
such partitioning into account and thus an address may 
contain information about how the network is partitioned 
and where the address fits into the network hierarchy. 

For descriptive and implementive purposes, a network 
may be described as having multiple layers with end devices 
attached to it, communicating with each other using peer- 
to-peer protocols. The well-known Open Systems Intercon- 
nection (OSI) Reference Model provides a generalized way 
to view a network using seven layers and is a convenient 
reference for mapping the functionality of other models and 
actual implementations. The distinctions between the layers 
in any given model is clear, but the implementation of any 
given model or mapping of layers between different models 
is not. For example, the standard promulgated by the Insti- 
tute of Electrical and Electronics Engineers (IEEE) in its 802 
protocols defines standards for LANs and its definitions 
overlap the bottom two layers of the OSI model. 

In any such model, a given layer communicates either 
with the same layer of a peer end station across the network, 
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or with the same layer of a network element within the 
network itself, A layer implements a set of functions that are 
usually logically related and enable the operation of the 
layer above it. 

5 The relevant layers for describing this invention include 
OSI Layers 1 through 4. Layer 1, the physical layer, provides 
functions to send and receive unstructured bit patterns over 
a physical link. The physical layer concerns itself with such 
issues as the size and shape of connectors, conversion of bits 

jQ to electrical signals, and bit-level synchronization. More 
than one type of physical layer may exist within a network. 
Two common types of Layer 1 are found within IEEE 
Standard 802.3 and FDDI (Fiber Distributed Data Interface). 

Layer 2, the data Hnk layer, provides support for framing, 
error detecting, accessing the transport media, and address- 
ing between end stations interconnected at or below layer 2. 
The data link layer is typically designed to carry packets of 
information across a single hop, i.e., from one end station to 
another within the same subnet, or LAN. 

2^ Layer 3, the network layer, provides support for such 
functions as end to end addressing, network topological 
information, routing, and packet fragmentation. This layer 
may be configured to send packets along the best "route" 
from its source to its final destination. An additional feature 

2^ of this layer is the capability to relay information about 
network congestion to the source or destination if conditions 
warrant. 

Layer 4, the transport layer, provides application pro- 
grams such as an electronic mail program with a "port 
address" which the application can use to interface with the 
data link layer. A key difiference between the transport layer 
and the lower layers is that an application on a source end 
station can carry out a conversation with a similar applica- 
tion on a destination end station anywhere in the network; 
whereas the lower layers carry on conversations with end 
stations which are its immediate neighbors in the network. 
Layer 4 protocols also support reliable connection oriented 
services, an example Layer 4 protocol providing such ser- 
vices is the Transport Control Protocol (TCP). 

4Q Different building blocks exist for implementing net- 
works that operate at these layers. End stations are the end 
points of a network and can function as sources, destinations 
and network elements or any other intermediate point for 
forwarding data received from a source to a destination. 

45 At the simplest level are repeaters which are physical 
layer relays which simply forward bits at Layer 1. 

Bridges represent the next level above repeaters and are 
data link layer entities which forward packets within a single 
LAN using look-up tables. They do not modify packets, but 

50 just forward packets based on a destination. Most bridges are 
learning bridges. In these bridges, if the bridge has previ- 
ously learned a source, it already knows to which port to 
forward the packet. If the bridge has not yet forwarded a 
packet from the destination, the bridge does not know the 

55 port location of the destination, and forwards the packet to 
all unblocked output ports, excluding the port of arrival. 
Other than acquiring a knowledge of which ports sources are 
transmitting packets to, the bridge has no knowledge of the 
network topology. Many LANs can be implemented using 

60 bridges only. 

Routers are network layer entities which can forward 
packets between LANs, They have the potential to use the 
best path that exists between sources and destinations based 
on information exchanged with other routers that allow the 

65 routers to have knowledge of the topology of the network. 
Factors contributing to the "best" path might include cost, 
speed, trafiSc, and bandwidth, as well as others. 



03/17/2004, EAST Version: 1.4.1 



6,081,522 



Brouters are routers which can also perform as bridges. 
For those layer 3 protocols of which the brouter knows, it 
uses its software to determine how to forward the packet. 
For all other packets, the brouter acts as a bridge. 

Switches are generalized network elements for forward- 
ing packets wherein the composition of the switch and 
whether it implements layer 2 or layer 3 is not relevant. 

Typically, bridges forward packets in a flat network 
without any cooperation by the end stations, because the 
LAN contains no topological hierarchy. If a LAN, for 
example, is designed to support layer 3 functionality, then 
routers are used to interconnect and forward packets within 
the LAN, 

Bridges cannot use hierarchical routing addresses because 
they base their forwarding decisions on media access control 
(MAC) addresses which contain no topological significance. 
Typically MAC addresses are assigned to a device at its time 
of manufacture. The number of stations that can be inter- 
connected through bridges is limited because trafl&c 
isolation, bandwidth, fault detecting, and management 
aspects become too difficult or burdensome as the number of 
end stations increases. 

Learning bridges self-configure, allowing them to be 
"plug and play" entities requiring virtually no human inter- 
action for setup. Routers, however, require intensive 
configuration, and may even require configuration activities 
at the end nodes. For example, when a network utilizes the 
Transmission Control Protocol/Internet Protocol (TCP/IP), 
each end node must manually receive its address and subnet 
mask from an operator, and such information must be input 
to the router. 

Generally, as the size and complexity of a network 
increases, the network requires more functionality at the 
higher layers. For example, a relatively small LAN can be 
implemented by using Layer 1 elements ^ch as repeaters or 
bridges, while a very large network uses up to and including 
Layer 3 elements such as routers. 

A single LAN is typically insufficient to meet the require- 
ments of an organization because of the inherent limitations: 
(1) on the number of end stations that can be attached to a 
physical layer segment; (2) the physical layer segment size; 
and (3) the amount of traffic, which is limited because the 
bandwidth of the segment must be shared among all the 
connected end stations. In order to overcome these 
constraints, other network building blocks arc required. 

As briefly described above, when the number of end 
stations in a network increases, the network may be parti- 
tioned into subnetworks. A typical address in a partitioned 
network includes two parts: a first part indicating the sub- 
network; and a second part indicating an address within the 
subnetwork. These types of addresses convey topological 
information because the first part of the address defines 
geographical or logical portions of the network and the 
second part defines an end station within the subnetwork 
portion. Routing with hierarchial addressing involves two 
steps: first packets are routed to the destination's subnet- 
work; and second packets are forwarded to the destination 
within the subnetwork. 

An end station receives a unique data link address— the 
MAC address — al the time of manufacture, allowing the end 
station to attach to any LAN within a bridged network 
without worrying about duplicate addresses. Data link 
addresses therefore cannot convey any topological informa- 
tion. Bridges, unlike routers, forward packets based on data 
link addresses and thus cannot interpret hierarchical 
addresses. 
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The current Internet is being forced to deal with increas- 
ing numbers of users and increasing demands of multimedia 
applications. Future networks will be required to support 
even higher bandwidth, larger numbers of users, and traffic 
classification requirements by the network. Statistical stud- 
ies show that the network domain as well as the number of 
workstations connected to the network will grow at a faster 
rate in future. The trend is also to support multiple traffic 
types with varied characteristics on a same physical link. 
This calls for more network bandwidth and efficient usage of 
resources. To meet the bandwidth requirement, the speed on 
the networks is on the upward trend, reaching to gigabit 
speeds. 

Network designers frequently use one particular combi- 
nation of OSI Layer 2 and Layer 3 because of the success of 
the Internet and the increasing number of products and 
networks using the Internet. Specifically, in a typical 
Internet-associated network, designers combine an imple- 
mentation in accordance with the IEEE 802 Standard (which 
overlaps OSI Layer 1 and Layer 2) with the Internet Protocol 
(IP) network layer. This combination is also becoming 
popular within enterprise networks such as intranets. 

Supporting this combination by building networks out of 
layer 2 network elements provides fast packet forwarding 
but has little flexibility in terms of traffic isolation, redundant 
topologies, and end-to-end policies for queuing and admin- 
istration (access control). Building such networks out of 
layer 3 elements alone sacrifices performance and is imprac- 
tical from the hierarchical point of view because of the 
overhead associated with having to parse the layer 3 header 
and modify the packet if necessary. Furthermore, using 
solely layer 3 elements forces an addressing model with one 
end station per subnet, and no layer 2 connectivity between 
the end stations. 

Networks built out of a combination of layer 2 and layer 
3 devices are used today, but suffer from performance and 
flexibility shortcomings. Specifically, with increasing varia- 
tion in traffic distribution (the role of the "server** has 
multiplied with browser-based applications), the need to 
traverse routers at high speed is crucial. 

The choice between bridges and routers typicaUy results 
in significant tradeofife (in functionality when using bridges, 
and in speed when using routers). Furthermore, the service 
characteristics, such as priority, within a network are gen- 
erally no longer homogeneous, despite whether traffic pat- 
terns involve routers. In these networks, differing traffic 
types exists and require different service characteristics such 
as bandwidth, delay, and etc. 

To meet the tra£5c requirements of applications, the 
bridging devices should operate at line speeds, i.e., they 
operate at or faster than the speed at which packets arrive at 
the device, but they also must be able to forward packets 
across domains/subnetworks. Even through current hybrid 
bridge/router designs are able to achieve correct network 
delivery functions, they are not able to meet today's increas- 
ing speed requirements. 

What is needed is a switch or network element that 
forwards both layer 2 and layer 3 packets quickly and 
efficiently both within a subnetwork and to other networks. 
Further, a network element is needed that can forward layer 
3 packets at wire-speed, i.e., as fast as packets enter the 
network element. AdditionaUy, a network element is needed 
that allows layer 2 forwarding within a subnetwork to have 
the additional features available in layer 3 routing and to 
provide certain quality of service for applications within the 
subnetwork, such as priority and bandwidth reservation. 
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SUMMARY OF THE INVENTION 

The present invention enables the above problems to be 
substantially overcome by providing a system and method 
for a multi-layer network element for forwarding received 
packets to one or more appropriate output ports. ^ 

An embodiment of the present invention includes a 
method of forwarding a packet entering from an input port 
to one or more appropriate output ports based on a single 
search of an associative memory for each layer. 

A packet is received on an input port, and from the packet 
both first and second packet information are determined. An 
associative memory lookup is performed for the first packet 
information which results in two potential forwarding deci- 
sions. If the destination address in the first packet informa- 
tion is known, i.e., a matching entry is found in the asso- 
ciative memory, then the potential output port or ports are 
those associated with the destination address as found in the 
associative memory. If the destination address does not 
match any entry in the associative memory, then all ports 
except the port of arrival are candidates for the potential 
output port or ports. 

An associative memory lookup is also performed for the 
second information. Various actions may be taken as a result 
of the second information, including quality of service 25 
issues. The results of the first search and the second search 
are combined to determine which of the potential output port 
or ports as proffered by the two searches is more appropriate 
for this packet. The packet is then forwarded to the appro- 
priate output port or ports. 30 

The multi-layer network element according to the present 
invention forwards both layer 2 and layer 3 packets quickly 
and efficiently both within a subnetwork and to other net- 
works. The network element recognizes packets at both 
layer 2 and layer 3 and makes forwarding decisions for both. 35 
In some instances, the multi-layer network clement also uses 
information from layer 4. 

The associative memory allows forwarding decisions at 
both layer 2 and layer 3 to be made at the hardware level. 
Having layer 3 forwarding decisions made at the hardware 40 
level allows layer 3 forwarding at wire-speed, i.e., as fast as 
packets enter the network element. Software normally asso- 
ciated with layer 3 forwarding is used when learning new 
layer 3 flows or routes. 

The invention according to the present invention also 45 
includes mechanisms for defining default actions for layer 2 
traEBc. The default actions may define, among other things, 
QoS so that the network element provides QoS when 
forwarding at layer 2. Examples of QoS that can be provided 
include priority and bandwidth reservation. 50 

Still other embodiments of the present invention will 
become readily apparent to those skilled in the art from the 
following detailed description, which is shown and 
described by way of illustration of the best modes contem- 
plated for canying out the invention. As will be realized, the 55 
invention is capable of other and different embodiments and 
several of its details are capable of modification in various 
obvious respects, all without departing from the spirit and 
scope of the present invention. Accordingly, the drawings 
and detailed description are to be regarded as illustrative in 60 
nature and not as restrictive. 

BRIEF DESCRIPTION OF THE DRAWINGS 
FIG. 1 illustrates a system incorporating a multi- layer 

network element according to the invention. 65 
RG. 2 illustrates the multi- layer networking element of 

FIG. 1. 
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FIG. 3 illustrates the switching element of the multi-layer 
network element in more detail. 

FIG. 4 illustrates the forwarding logic of the switching 
element in more detail. 

FIG. 5 illustrates the class logic of FIG. 4 in more detail. 

FIG. 6 illustrates the process used in determining which 
information dictates a packet's path through the multi-layer 
network element. 

FIG. 7 illustrates the information dependency in deter- 
mining how to forward a packet out of the network element. 

DETAILED DESCRIPTION 

FIG. 1 illustrates a system incorporating a multi-layer 
network element according to the present invention. The 
system includes the multi-layer network element, various 
networks, end stations, routers, and bridges. By way of 
example and as broadly embodied and described herein, a 
system 10 incorporating a multi- layer network element 12 
according to the present invention includes networks 14 and 
16, end stations 18, router 24, bridge 26, and local area 
networks (LAN) 28. 

The bridge 26 connects some of the LANs 28 and end 
stations 18 to the network 14 and to each other. The bridge 
26 may be a conventional learning bridge. The bridge 26 
keeps track of the addresses of the end stations 18 that 
transmit a packet showing up on one of ports 30 to the bridge 
26. The end stations 18 may be any device capable of 
sending or receiving packets of information. Typically, the 
end stations 18 are personal computers, workstations, 
printers, servers, and/or any other device that can be con- 
nected to a network. 

The bridge 26 initially does not know on which of its ports 
packet destinations arc located, and must flood an incoming 
packet to all ports in order to properly forward the packet. 
Once the bridge 26 receives a packet destined for an address 
it already recognizes, the bridge 26 knows what port the 
destination is on so that it does not have to flood the packet 
on all outgoing ports. Eventually, the bridge 26 has learned 
enough addresses to eliminate the amount of flooding 
needed on the ports of the addresses it has learned. Of 
course, any time an end station 18 changes ports on the 
bridge 26, the bridge 26 must re learn the end station 18 's 
port. 

The bridge 26 typically does not modify the packet, 
contains no information about the topology of the network 
14, and examines few parts of the packet header. The bridge 
26 operates quickly because it makes no modifications to the 
packet and is only concerned with learning sources and 
forwarding to destinations. Typically, bridges 26 use look-up 
tables to search for sources and destinations. 

The router 24 connects the network 14 to the networks 16. 
Only one router 24 is illustrated by way of example, but 
there may be many routers connecting other networks or end 
stations 18. The router 24 provides the communication 
necessary between the network 14 and the networks 16 and 
may be a conventional router. Such routers include layer 3 
functionality for forwarding packets to an appropriate des- 
tination including route calculation, packet fragmentation, 
and congestion control. Routers of this type are described, 
for example, in Interconnections: Bridges and Routers by 
Radia Perlman published by Addison- Wesley. The router 24 
must have knowledge of the topology of the network in 
order to determine the best route for packets. The router 24 's 
knowledge of the network is gained through topological 
information passed between multiple such routers 24 con- 
nected to the network 14. 
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Software running on the router 24 parses an incoming 
packet lo determine various characteristics about the packet, 
including the type of the protocol being used and the source 
and destination(s). Other determinations based on examin- 
ing the packet may be necessary, such as priority and quality 
of ser\dce (QoS) factors such as bandwidth reservation. The 
router 24 then uses the extracted information and computes 
the next destination for the packet based on topology and 
route information that is stored in the memory of the router 
24. The router 24 also applies QoS rules and actions. 

The router 24*s process for calculating the next destina- 
tion may require many accesses to memory and computation 
of the route from that information. Furthermore, the packet 
is typically received and stored while any processing is 
taking place. After the router 24 has determined what actions 
are necessary on the packet, any modifications are made to 
the packet as stored in the memory or on the way out of the 
router 24. The routers 24 are typically required to replace the 
layer 2 source and destination of the packet, update any 
checksums of the packet, and handle any issues related to 
packet lifetime. 

To carry out the functions that the conventional router 24 
performs, the software examines memory locations, makes 
modifications to the packet, and calculates new values for 
some fields. Such actions provide increased functionality 
beyond simple packet forwarding like that found in bridges 
26 such as determining the best route for the packet, 
providing QoS features; however, in conventional routers 24 
such actions take up valuable time. 

The network 14 provides communication paths for all of 
the elements connected to it. In the example of FIG. 1, the 
elements include the multi-layer network element 12, router 
24, and bridge 26. Any number of elements could be 
connected to the network 14 in a multitude of ways. FIG. 1 
illustrates only one possible combination. The elements 
connected to the network 14 do not require the network 14 
to be of any particular size or configuration. For the end 
stations 18 and the bridge 26, a detailed topological knowl- 
edge of the network 14 is not required. 

The multi-layer network clement 12 according to the 
present invention connects various elements to the network 
14 and to each other. As illustrated by way of example, the 
multi-layer network element 12 connects a LAN 28» the end 
stations 18. and the network 14. The multi- layer network 
element 12 combines the functions of both a bridge and a 
router. Functioning as a router, the multi-layer network 
element 12 contains topological information about network 
14 to intelligently route a packet to its destination while 
providing associated layer 3 functionality typically found in 
a router 24. Functioning as a bridge, the multi -layer network 
element 12 learns source/port combinations to forward layer 

2 packets. The multi-layer network element 12 differs from 
conventional bridge/router combinations in that certain layer 

3 processing operates as quickly as layer 2 switching found 
in the bridge 26. 

FIG. 2 illustrates the multi -layer network element 12 of 
FIG. 1 in more detail. The multi-layer network element 12 
according to one embodiment of the invention includes a 
processor 32, a processor memory 34, a switching element 
36, a plurality of network element ports 38, a forwarding 
memory 40, an associated memory 42, and packet buffer 
memory 44. The end stations 18, the LAN 28, and the 
network 14 are connected to the multi- layer network ele- 
ment 12 using a plurality of network element ports 38. Other 
multi-layer network elements 12 may also be connected to 
the multilayer network element 12. 
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The switching element 36 is also connected to the pro- 
cessor 32, the forwarding memory 40, the associated 
memory 42, and the packet buffer memory 44. The processor 
32 is also connected to the memory 34. Forwarding memory 
5 40 and associated memory 42 are connected to each other as 
well as to switching element 36. 

The switching element 36 performs most of the packet 
forwarding functions using both layer 2 and layer 3 
information, and possibly also some layer 4 information, 
stored in forwarding memory 40 and associated memory 42, 
without having to rely on the processor 32 to calculate routes 
or determine appropriate actions on every packet. 

The processor 32 performs tasks that the switching ele- 
ment 36 is not equipped to handle. For example, when new 
layer 3 routes must be calculated, the processor 32 uses 
processor memory 34, which contains detailed information 
about the topology of any networks reachable from the 
muhi-layer network clement 12. The processor 32 makes its 
computations primarily using software programming units 
in conjunction with accesses to the memory 34. The switch- 
ing element 36 makes its decisions primarily in hardware, 
using the forwarding memory 40 and the associated memory 
42. The forwarding memory 40 and the associated memory 
42 contain only a portion of the information contained in the 
memory 34, and arc configured for qtiick access and 
retrieval. 

FIG. 3 illustrates a detailed view of the switching element 
36 and its connections to the processor 32, the plurality of 
network element ports 3Ha-n, the forwarding memory 40, 
the associated memory 42, and the packet buffer memory 44. 
The switch element 36 includes input ports 50fl-rt, a for- 
warding logic 52, a packet memory manager 54, and output 
ports S6a-n. Each input port 50i and output port 56/ corre- 
sponds to a network element port 38*. Each of the inputs 
ports 50 also connects to both the forwarding logic 52 and 
the packet memory manager 54. 

For a given i, an input port 50/ receives packets from its 
respective multi-layer network element port 38/ and tests the 
packets for correctness. If the packet is ill formed, it is 
discarded. Packets passing this initial screening are tempo- 
rarily buffered by the input port 50/. Once the input port 50/ 
has buffered at least the first 64 bytes of the received packet, 
the input port 50/ passes the header to the forwarding logic 
52. 

45 The forwarding logic 52 is connected to the processor 32, 
the forwarding memory 40, and the associated memory 42. 
The forwarding logic 52 performs several functions. It 
initially screens the packet to determine whether the packet 
is encapsulated, by for example Subnetwork Access Proto- 

50 col (SNAP), or whether the packet is tagged, for example, by 
a virtual LAN (VLAN) identifier. If the packet is either of 
those two types, the forwarding logic 52 uses offset infor- 
mation to locate appropriate layer header information 
needed for further processing. 

55 The forwarding logic 52 also searches the forwarding 
memory 40 for matches at layer 2 and/or layer 3. The search 
may also include some information at layer 4. In the 
preferred embodiment, the forwarding memory 40 is a 
content-addressable memory (CAM) storing information 

60 about both layer 2 and layer 3 switching, and may contain 
some layer 4 information. If a match is found, data stored in 
associated memory 42 and pointed to by the matching entry 
in the forwarding memory 40 serves to define the actions 
that the switching element 36 must do to forward the packet 

65 to the appropriate destination(s). 

In another embodiment, the forwarding memory 40 could 
be implemented using a sequentially accessed random 
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access memory. In this embodiment, a hashing function stream of 64-byte packets entering all input ports 50 simul- 

would be preformed on the particular key. The resulting taneously. If the layer 3 information is not contained in the 

hashed value would be an address into the memory 42 forwarding memory 40, the packet is forwarded using (ayer 

associated with the pre-hashed key. 2 information and then processed according to conventional 

In stiU another embodiment, the forwarding memory 40 5 layer 3 processing by software in the processor 32. 

and the associated memory 42 could be contained in a single Unlike conventional layer 3 processing, the processor 32 

random access memory. In one implementation of that single may update the forwarding memory 40 by placing new layer 

random access memory, the entries could be accessed 3 entries as they are learned and created. Any packets 

sequentially, requiring a hash -front end. Another implemen- matching the new entries are forwarded at wire-speed, i.e. 
tation of that single random access memory could be a lO forwarding decisions are made for a packet before the next 

CAM. packet arrives. 

The packet memory manager 54 is connected to the FIG. 4 illustrates the forwarding logic 52 in more detail, 

packet buffer memory 44, the input port 50/, and the output The forwarding logic 52 includes class logic 60, layer 2 (L2) 

port 56/. As indicated above, each output port 56/ corre- logic 62, layer 3 (L3) logic 64, and merge logic 66. The input 

sponds to one of the plurality of multi-layer network element port 50/ connects to the class logic 60, the L2 logic 62, the 

ports 38/. While illustrated as separate units, the input port L3 logic 64, and the merge logic 66. Only one input port 50/ 

50/ and output port 56/ corresponding to a particular multi- is shown for simplification, though all input ports 50 are 

layer network element port 38/ are tightly coupled since connected in a similar manner. Preferably, the forwarding 

information flows both ways through the network element logic 52 is not duplicated for each input port 50/. Instead, all 

ports 38. input ports 50 arbitrate for access to the forwarding logic 52. 

After the forwarding logic 52 has determined what to do The L2 logic 62 is connected to the forwarding memory 

with the packet, it passes that information to the input port 40 and is responsible for creating a key to match against the 

50/. If the input port 50/ does not filter the packet, then it entries stored in the forwarding memory 40 for layer 2 

requests a pointer to free memory locations in the packet forwarding decisions. Depending on the configuration of the 

buffer memory 44 from the packet memory manager 54. The forwarding memory 40, the key may be applied against all 

packet memory manager 54 responds by providing location or some of the entries of the forwarding memory 40 

addresses of free memory space in the packet buffer memory The L3 logic 64 is connected to the forwarding memory 

44. The input port 50/ then requests a write access from the 40 and is responsible for creating a key to match against the 

packet memory manager 54 and sends the pointer and the entries stored in the forwarding memory 40 for layer 3 

data to the packet memory manager 54. forwarding decisions. As with the 12 search key, the L3 key 

In some instances, the input port 50/ must make modifi- may be appUed against all or some of the entries of the 

cations to the packet as instructed to do so from the forwarding memory 40. 

forwarding logic 52. The input port 50/ makes these modi- While the discussion of this invention is described using 

fications prior to the packet being stored in the packet buffer layer 2 and a combination of layers 3 and 4, one skilled in 

memory 44. When requested by the input port 50/, the the art would recognize that searching on and creating 

packet memory manager 54 places the packet into the entries in the forwarding memory 40 for any portion of a 

appropriate address location specified by the input port 50/. packet or its header, or any combination thereof, readily 

The input port 50/ then passes information about where the flows from the description. Thus, this invention is not 

packet is stored to the appropriate output ports 56 as limited to any specific implementation of layers according to 

determined from the information received at the input port the OSI model. 

50/ from the forwarding logic 52. jq create the key, the L3 logic 64 uses inforaiation from 

In a preferred embodiment, the appropriate output ports the input port 50/ including the packet header and an input 

may include no output ports or one or more output ports. The port 50/ identifier, and information from the class logic 60. 
output port 56/ requests and receives packets from the 45 The merge logic 66 is connected to the class logic 60, the 

packet manager 54, and transmits the packet to its associated associated memory 42, the packet memory manager 54, and 

network element port 38/ when the conditions for transmis- the processor 32. The merge logic 66 uses information from 

sion are met. In some instances, the output port 56/ must the class logic 60 and information output from the associated 

place its MAC address as the source address on outgoing memory 42 to instruct the input port 50/ what to do to 
packets. If this situation is dictated by the results from the 50 properly forward the packet to its appropriate destination(s). 

forwarding logic 52 as passed to the input port 50/. the input In some instances, there is no appropriate destination and the 

port 50/ places such an indication the packet buffer memory packet is discarded. In other instances, the merge logic 66 

44. The output port 56/ detects this indication and replaces will signal the processor 32 that it must perform some task 

the address as the packet leaves the output port 56/. Thus, in response to the received packet. 

only minor modifications to the packets are necessary on the 55 During operation, the input port 50/ receives a packet 

output side of the switching element 36. from the multi-layer network element port 38/ and sends the 

According to the above embodiment, when the forward- header plus the input port 50/ identifier to the forwarding 
ing memory 40 contains matching entries for layer 2 switch- logic 52. The forwarding logic 52 first searches the forward- 
ing or layer 3 routing, the multi-layer network element 12 ing memory 40 to determine whether the forwarding 
will operate at wire-speed. Wire-speed is defined by the 60 memory 40 contains an entry for the layer 2 source trans- 
speed at the maximum packet rate at which a given layer 1 milling the packet. A matching entry will exist if the 
and layer 2 combination can transport packets. If an element muUi-layer network element 12 has previously received a 
connected to a network can process packets as fast as they packet from the same layer 2 source and has learned which 
enter the element or faster, then the element operates at wire port it is connected to. If no matching entry exists, the 
speed. 65 forwarding logic 52 performs a learn function by placing an 

In a preferred embodiment, the network element 12 entry in the forwarding memory 40 including the source 

processes packets for a worst-case scenario of a steady address. The forwarding logic 52 signals the processor 32 
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that it has learned a new source address. In some instances, In a preferred embodiment, there are four possible oul- 

the layer 2 source will exist in the forwarding memory 40, comes when no match occurs. First, the header may be sent 

but will be associated with a different input port 50/ than the to the processor 32. This is contemplated when the possi- 

input port SOi of the incoming packet. In this instance, no bility of identifying a layer 3 flow exists. Second, the entire 
matching entry will exist in the forwarding memory 40 5 packet could be copied to the processor 32. This is contem- 

because a match depends on both the layer 2 source and the plated when initially setting a unicast route or to provide 

input port 50i. firewall protection by initially examining certain routes or 

The forwarding logic 52 also searches the forwarding flows or when it is unknown where in the packet required 

memory 40 for an entry indicating the port of the destination information may exist to create search keys. Third, use layer 
address. If no match is found, then the forwarding logic 52 lO 2 results for forwarding. Fourth, discard the packet. Other 

instructs the input port 50/ to flood the packet to all of the action may be possible depending on the configuration of the 

active output ports 56. network or the particular protocol in use as would become 

For the layer 2 information described above in the pre- ^^^dily apparent to one skilled in the art. 

ferred embodiment, the forwarding memory 40 contains the Some of the criteria that the classes take into account may 

values of the MAC addresses of the sources and a pointer to be whether the class is considered address dependent or 

a corresponding entry in the associated memory 42. The address- in dependent. Adding a class identifier allows the 

forwarding memory 40 may also contain additional layer 2 switching element 36 to respond to varying network situa- 

information such as a VLAN identifier if tagged packets are tions and greatly simplifies organizing and storing informa- 

being used. The associated memory 42 contains more infor- tion in the forwarding memory 40. 

mation about its corresponding entry in the forwarding Representative examples of address independent classes 
memory 40. Layer 2 information in the forwarding memory that could be identified by the class logic 60 include: 
40 is preferably limited to the least amount of information Address Resolution Protocol (ARP); Internet Group Man- 
necessary to make a layer 2 search. In a layer 2 search, this agement Protocol (IGMP); Reverse ARP (RARP); Group 
information is preferably just the MAC address and the input Address Registration Protocol (GARP); Protocol Indepen- 
pon 50/, but the CAM may also contain any information dent Protocol (PIM); and Reservation Protocol (RSVP). 
related to tagged addressing. Representative examples of address dependent classes 

In a preferred embodiment, the forwarding memory 40 include: TCP flow; non fragmented UDP flow; fragmented 

allows multiple matches for a layer 2 search. The processor UDP flow; hardware routable IP; and IP version 6. Of 

32 ensures that the order of the entries is such that if an course, other protocols could be similarly recognized, 

address/port combination exists in the forwarding memory. The class logic 60 produces an unambiguous class restilt 

that entry is selected. If the particular source/port combina- for every incoming packet. For an unrecognized protocol, 

tion is not found, then a match may occur including VLAN the class logic 60 will still produce a class result, but that 

information so that any layer 2 destination search wiU at class result signifies an unrecognized protocol and what 

least match a known VLAN or an unknown VLAN entry. actions should take place on a packet of this type of class, 

both of which define the output ports 56 for flooding in its Generally, layer 3 flows are address dependent and will 

respective entry. contain information beyond just a simple class of traflSc. In 

Uyer 3 switching, while more complex, is similar to layer those instances where additional information has been 

2 switching. The forwarding logic 52 searches the forward- placed by the processor 32 into the forwarding memory 40, 

ing memory 40 for a matching entry to a layer 3 search key there may be more than one entry for a particular class in the 

created by the L3 logic 64. If a match exists, the information forwarding memory 40. The processor 32 ensures that of the 

in the associated memory 42 is used by the merge logic 66 entries matched, the one used is the most appropriate one. 

to instruct the input port 50/ what to do with the packet. If Different classes may have different criteria for what is the 

the search provides no match, the switching element 36 most appropriate match depending on the type of packets 

forwards the packet as a bridge and may pass aU or portions embodied within a particular class. The flexibility allowed 

of the packet to the processor 32 for further processing. The by having multiple matching entries in the forwarding 

L3 logic 64 creates the search key using information from memory 40 is further enhanced by ensuring that the best 

the packet header, the input port 50/, and the class logic 60. match is provided for a particular flow and because of this 

The class logic 60 examines information in the packet feature, different actions wiU be possible for packets within 
header to determine any encapsulation information and to 50 the same type of class. 

determine a class for the layer 3 infonnation and is iUus- jq the preferred embodiment, the processor 32 reorders 

trated in more detail in FIG. 5. The class logic 60 includes the layer 3 entries when it places any new layer 3 so that the 

the encapsulation logic 68 and the class action logic 70. ^est match for a particular search criteria occurs earliest in 

Each input port 50/ is connected to both the encapsulation the memory. Those skilled in the art wiU recognize many 
logic 68 and the class action logic 70. The class action logic 55 different implementations to achieve the same result. In one 

70 connects to the encapsulation logic 68, the L3 logic 64, preferred embodiment, the processor 32 ensures that the 

and the merge logic 66. entry with the longest potential matching key within a 

The encapsulation logic 68 is responsible for examining particular class is at the top, or earliest, location in the 

the packet header and determining any offsets into the memory. However, the processor 32 may also place an entry 
header for the layer 3 and layer 4 information, if needed. 60 above the longest matching entry so that for a particular 

The output of the class logic 60 identifies not only the traffic pattern the most important match may be one that 

class, but which fields from the packet header should be used matches many keys. For example, an entry that matches, for 

by the L3 key logic in creating the layer 3 key, priority a particular class, based on an application port such as "http" 

information, and what the merge logic should do if there is and no other information, will take precedence over entries 
no match in the forwarding memory 40 for a packet of this 65 that might match more than just the layer 4 application, 

class. The class helps to identify at least the flow, priority. Another example might be forcing a match on a particular 

traffic classification, and hardware routing. source within a class type. This might occur when the 
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Operator might want to provide packets coming from a 
particular server with a high priority regardless of the 
destination or layer 4 application. 

In a preferred embodiment, the merge logic 66 directs the 
input port 50/ to take one of the following actions on a 
packet: filter the packet; forward the packet at layer 2; 
forward the packet as a layer 3 flow; process the packet as 
a layer 3 route; and forward the packet as a multicast route. 
Packets that the merge logic 66 instructs the input port 50/ 
to filter are those that include certain header infonnation 
determined to be unsupported. Examples of classes whose 
packets would be forwarded at layer 2 would include a 
fragmented UDP flow and a class indicating that the header 
information is unknown. A fragmented UDP operates using 
layer 2 information because after the first packet, the frag- 
mented packets do not include all relevant information from 
the layer 4 header information, UDP ports for example. 
Layer 2 forwarding would be optional for address indepen- 
dent classes depending on the particular class. 

The merge logic 66 instructs the input port 50/ to use layer 
3 flow information for TCP or non-fragmented UDP flows. 
Flows are those packets forwarded within the subnet to 
which the multi-layer network element 12 is attached and 
require no header modification on forwarding. Routes, on 
the other hand, are packets coming from sources outside the 
subnet or destined to addresses beyond Uie subnet such that 
the header information must be modified prior to forwarding 
by the multi-layer network element 12. In a preferred 
embodiment, instructions to forward the packet as a layer 3 
route come from the merge logic 66 when the class indicates 
that the packet is of a class hardware routable IP. In other 
words, the destination of the incoming packet is recognized 
by the class logic 60 of the multi -layer network element 12, 
and the multi-layer network element 12, must then forward 
the packet to the next hop destination, which is determined 
by routing protocols. Those skilled in the art can easily 
recognize from the invention other situations where such a 
type of result would be desired. 

One feature of the invention is the ability to bridge flows, 
that is, use the forwarding memory to quickly forward layer 
2 packets using layer 3 functionality through the network 
element 12. Certain flows are particularly suited for this type 
of activity and include static flows, self -detecting flows, and 
flows set up by reservation protocols, such as RSVP. Static 
flows are those set up in advance by the network element 12 
operator and define layer 3 functionality for selected layer 2 
network trafific and are not subject to aging. Self-d electing 
flows are a function of the type of application. 

Initially, these flows are bridged with no layer 3 func- 
tionality because no layer 3 entry matches. The packet 
header is sent to the processor 32 for examination. The 
processor 32 analyzes the packet and based on programmed 
heuristics determines whether and how to create a layer 3 
entry in the forwarding memory 42 for the packet type. For 
example, a "ping" packet would not warrant a layer 3 flow 
entry because it is, at best, a transient packet. 

Protocols like RSVP work to reserve certain service 
features of the network and signal that a number of packets 
will follow this same path. In this case, it serves the 
application using the reservation protocol to forward at layer 
2, but add layer 3, or more, functionality like priority to 
ensure the required class of service through the multi- layer 
network element 12. 

FIG. 6 illustrates preferred results produced by the merge 
logic 66 using information from the class logic 60 and the 
associated memory 42. Three results are presently preferred: 
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(1) use the layer 2 forwarding results; (2) use the layer 3 
forwarding results; and (3) use the layer 3 results while using 
the layer 2 topology. In some instances, there may be an 
identified class, but no matching entry in the forwarding 

5 memory 40, in this instance, the default actions for the class 
are used. Note thai the use of layer 3 default results can be 
considered a subset of using layer 3 forwarding results. 

Default results may be set for packets of a class type to 
provide protection such as that provided by firewaU tech- 
no nology. In a firewall application, the multi-layer network 
element 12 would be programmed to direct any packet of a 
defined class to the processor 32 for subsequent processing. 

Referring to FIG. 6, if the class logic 60 determines that 
the packet is of an unrecognized class (step 112), then the 
packet is acted on using the layer 2 results (step 114). If the 
packet *s class is recognized (step 112) and the associated 
memory 42 or class logic 60 indicates that a layer 2 result 
should be forced (step 116), then the layer 2 results are used 
(step 118) regardless of any other information. 

If no layer 2 results are forced as a result of the layer 2 
search (step 116) and there is a match of the layer 3 key (step 
120), then the layer 3 information is checked to determine 
whether the layer 3 information forces a layer 2 port decision 
(step 122). If the layer 3 information forces a layer 2 
forwarding result, then the output port is determined by the 
results of the layer 2 search, however, any other information 
found in the results of the layer 3 search are applied (step 
124) such as QoS factors. If the layer 3 results do not call for 
forcing a layer 2 forwarding result, then the layer 3 results 
are passed on to the input port 50/ (step 126). If there is no 
layer 3 match in step 120, then the default actions for the 
class generated by the class logic 66 are passed to the input 
port 50/ (step 128). It is also contemplated that a packet is 
sent to the processor 32 without being forwarded to any 
output port 56 by the input port 50i when using L3 class 
default action. 

Thus, if the class is recognized and the layer 3 search 
matches an entry, then the actions defined by the layer 3 

4Q search govern the instructions to the input port 50/, even 
though that might mean that the layer 2 output port results 
are used. If not, the packet is treated using layer 2 results and 
the packet or the packet's header might be sent to the 
processor 32 for subsequent processing of the layer 3 

45 information, if desired. 

If the information coming out of associated memory 42 
for a layer 3 match indicates a force layer 2 result, then 
packet forwarding is done using the layer 2 results, but any 
information relating to quality of service may still be imple- 

50 mented on a layer 2 forwarding decision. In this way, the 
multi-layer network element 12 may add additional func- 
tionality above and beyond normal layer 2 bridges by 
allowing quality of service factors to be applied to layer 2 
bridging or routing within the same subnet or VLAN. 

55 Accordingly, the input port 50/ presents to the forwarding 
logic 52 the header of the received packet and its port 
designation. The output of the forwarding logic 52 is a 
function of the header information and the arrival port and 
indicates whether the input port 50/ should store the packet 

60 in the packet buffer memory 44 in cooperation with the 
packet memory manager 54; whether any priorities should 
be associated with the packet on a particular output port 56/; 
and whether the input port 50/ should make any modifica- 
tions to the packet such as header replacement prior to 

65 passing the packet to the packet buffer memory 44. Thus, an 
output port S6i need not make any modifications to the 
header except for inserting its MAC address and computing 
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a new packet checksum when routing unicast or multicast port S6i need to replace the layer 2 source address of the 

packets, for example. packet the output port 56Vs MAC address. Other types of 

The layer 2 and layer 3 information in the forwarding header modifications will be readily apparent to those skilled 

memory 40 are independent of each other as applied to in the art to implement proper routing, 
searches although some information contained in a layer 2 5 The entry in the associated memory 42 may also include 

entry may be duplicated in a layer 3 entry. Additionally, a the next hop destination address to be used to replace the 

layer 3 entry may also contain some layer 4 information such incoming destination in unicast routing. In a unicast route, 

as the UDP or TCP ports. Those skilled in the art would the incoming packet would have had its layer 2 destination 

readily recognize other features that could be added by address as the multi-layer network element 12. 
including other information from other header layers or the lO The merge logic 66 must wait for the results of the 

packet body and such arc considered to be within the scope searches of the forwarding memory 40 done by the L2 logic 

of this invention. After both the layer 2 and layer 3 searches 62 and the 13 logic 64. In the preferred embodiment, the 

are completed, the merge logic 66 determines what actions layer 2 and layer 3 information are stored in the same 

the input port 50/ should do to the packet. forwarding memory 40, however, they could be stored in 

Any layer 2 learning of source addresses, or changes that separate memories. As stated earlier, the preferred embodi- 

raight occur as a resuh of a topology change are communi- ment has the forwarding memory 40 limited to storing the 

cated to the processor 32 as part of the layer 2 source search. information used by the L2 and L3 logics that match the 

As mentioned earlier, the layer 2 information may include fields of the key to reduce the size of the forwarding 

tagged information Uke that used to support virtual LAN memory. As such, the associated memory 42 stores addi- 

(VLAN) information. When and, if used, the VLAN infor- tional information about the entries. Each entry in the 

raation helps to restrict layer 2 flooding to only those ports forwarding memory 40 points to a corresponding entry in 

associated with a particular VLAN or specific tagging. the associated memory 42, the contents of which the asso- 

Each entry in the associated memory 42 may contain ciated memory 42 provides to the merge logic 66 to makes 

information relating to the following outcomes. The entry its forwarding decisions. 

includes an indication of the output ports 56 for the packet FIG. 7 illustrates the steps occurring in the forwarding 

including whether all or portions of the packet should be sent logic 52. While the FIG. 7 illustrates the preferred embodi- 

to the processor 32. The entry allows for more than one port ment of the operation of the forwarding logic 52, those 

56/ to be specified, if needed, to support for example skilled in the art will immediately recognize other equivalent 

multicast addressing, for example. The entry also includes a ways to accomplish the same task. Information is received 

priority for the packet which maps into the number of output at the forwarding logic 52 from the input port 50 (step 200). 

queues which may be present on an output port 56. The entry On one path, the L2 logic 62 determines the necessary 

also includes an indicator for which output ports 56 should information for a layer 2 search and carries out that search 

use Best Effort in transmitting the packet. Best Effort implies against the forwarding memory 40 (step 202). The L2 logic 

that no guarantee on the packet's transmission or QoS is 62 and forwarding memory 40 determine in step 204 

provided. Those skilled in the art will easily recognize that whether there was a matching entry for the source of the 

the invention applies equally well to other QoS as well. packet (step 204). If the source address is not in the 

The entry may also indicate whether a new tag should be forwarding memory 40, then the source address is learned 

applied to an outgoing packet when, for example, whether (step 206). To learn the source address, the L2 logic 62 and 

routing between VLANs requires an outgoing tag different the forwarding memory 40 ensure that an entry is placed in 

from the incoming tag, and what that tag should be, if the forwarding memory. A signal is sent to the processor 32 

necessary. to examine the new information. 

The entry also contains information relating to source and If the source address was already in the forwarding 

destination aging. Source aging information indicates memory 40 and matched to the input port 50 of arrival, then 
whether the source is active or not. In a preferred 45 the L2 logic 62 attempts to match the destination address to 

implementation, this information is updated by the forward- the forwarding memory 40 (step 208). If the source address 

ing logic 52 every time the layer 2 source address is was not in the forwarding memory 40 or the source address 

matched. The information implements in accordance with was in the memory but at a different port, then the source 

IEEE standard 8a2.1d type address aging. Destination aging address and port combination is learned in step 206 prior to 
in the network element 12 indicates which layer 2 and layer jq attempting a destination search in step 208. 

3 entries are active. The information for an entry is updated In the other path from step 200, the class logic 60 

every time an entry is matched, either by a layer 2 destina- determines the class in step 210. After the class logic 60 has 

tion search or a layer 3 match cycle for the entry, determined the class and passed this onto the L3 logic 62, the 

The entry also provides for whether layer 2 results should L3 logic attempts a match against the forwarding memory 
be used for forwarding by the input port 50/. As mentioned 55 for the layer 3 entry (step 212). 

above, the layer 2 information may be forced for a layer 3 In step 214, the merge logic 66 uses information from the 

entry but in addition to the layer 2 forwarding information, L2 search of step 208, if there was one, the class logic results 

layer 3 functionality maybe added to the layer 2 forwarding. from step 210, and the layer 3 search results from step 212 

The entry may also define a static entry. A static entry is to make the appropriate forwarding decisions based on the 
not subject to layer 2 learning and is never aged. 60 criteria of FIG. 6. Once the merge logic 66 has determined 

Entries for layer 3 may include additional information. the appropriate forwarding decision in step 214, the results 

The entry may indicate that only the first 64 bytes of the are passed to the input port 50/ (step 216). 

packet should be sent to the processor 32 for subsequent FIG. 7 illustrates the flow proceeding down two paths, 

processing. The entry may indicate whether the packet is Because the layer 2 and layer 3 searches are independent, 
part of a multicast routing. If so, then the output port 50/ 65 everything but the actual memory search may be pipelined 

should decrement the header checksum, forward the packet or accomplished in parallel. In a preferred implementation, 

to the indicated output ports 56, and indicate that the output the processing by the class logic 60, the L2 logic 62, and L3 
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logic 64 may proceed in a parallel or pipelined fashion 
except where dependencies prevent such action. For 
example, the L3 logic 64 requires the output of the class 
logic 60 to create the search key for the layer 3 search and 
the merge logic 66 requires that the layer 2 and layer 3 5 
searches be finished to merge the results according to FIG. 
6. 

In another embodiment, however, the L2 information and 
the L3 information may be in separate memories. In this case 
the L2 and L3 searches may occur simultaneously. jq 

After the merge logic 66 determines the actions on the 
packet, the input port 50/ makes write requests to the packet 
manager 54 if the packet is not to be filtered, or dropped. The 
packet need not be received in its entirety before the input 
port 50/ makes write requests to the packet manager 54. The 
input port 50i passes to the packet manager 54 the address 
where the incoming portion of the packet is to be stored, the 
number of output ports 56 that the packet will be output, the 
priority of the packet, and then delivers the pointers to the 
appropriate output port(s) 56. The input port 50z receives 
pointers to free memory locations in the packet buffer 
memory 44 where the packet may be placed. Preferably, the 
input port 50/ has obtained a pointer from the packet buffer 
manager 54 prior to making write requests. 

The output port 56/ stores the pointers in output queues 
for packet transmission. When a queue presents a pointer for 
transmission, the output port 56/ requests the contents stored 
at the pointer address from the packet manager 54 and 
transmits the contents out of the multi-layer network ele- 
ment 12 on the corresponding network element port 38. The 
packet manager 54 keeps track of whether all of the output 
port 56 using a particular pointer have transmitted the 
contents associated with that pointer, if so the memory space 
is freed for future use. 

A multi-layer network element has been described that 
combines the features of quick layer 2 bridge-type forward- 
ing and combines it with the added functionality of layer 3 
routing and QoS support to create an apparatus and method 
of its use to perform both layer 2 and most layer 3 forward- 
ing decisions prior to the receipt of the next packet. 

The foregoing description of the preferred embodiments 
of the multi-layer network element has been presented for 
purposes of illustration and description. It is not intended to 
be exhaustive or to limit the invention to the precise form 
disclosed, and modification and variations are possible in 
light of the above teachings or may be acquired from 
practice of the invention as disclosed. The embodiments 
were chosen and described in order to explain the principles 
of the invention and its practical application to enable one 
skilled in the art to utilize the invention in various embodi- 
meats and with variation modifications as are suited to the 
particular use contemplated. It is intended that the scope of 
the invention be defined by the claims appended hereto, and 
their equivalents. 

What is claimed is: 

1. In a network element having at least one input port and 
at least one output port, a method of forwarding a packet 
entering on an input port comprising the steps of: 

(a) receiving the packet from a network on the input port; 

(b) determining a first search key from a first portion of go 
header information associated with a first protocol 
layer; 

(c) determining a second search key from a second 
portion of header information associated with a second 
protocol layer; 65 

(d) simultaneously searching entries in a memory for an 
entry matching the first search key; 
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(e) using at least one entry, if any, located in step (d) to 
determine a first port result; 

(f) simultaneously searching entries in the memory for 
entries associated with the second search key; 

(g) selecting one entry from the entries associated with the 
second search key; 

(h) using the result of step (g) to determine forwarding 
information; 

(i) determining appropriate output ports, if any, based on 
the results of step (e) and step (h); and 

(j) forwarding the packet to the appropriate output ports. 

2. The method of claim 1, wherein step (g) includes 
selecting the entry in the memory based on layer 3 infor- 
mation based upon a predetermined importance criterion 
determined to be the most appropriate. 

3. The method of claim 2, wherein, if no entries are 
matched in step (g), step (i) includes designating the appro- 
priate output port as the first port result. 

4. The method of claim 1, wherein step (i) includes the 
step of selecting the result of step (e) as the appropriate 
output port. 

5. The method of claim 1, wherein step (j) includes the 
step of using portions of the result of step (h). 

6. The network element of claim 1, wherein the memory 
comprises a first memory and a second memory, wherein at 
least one entry in the first memory is adapted to point to a 
corresponding entry in the second memory. 

7. The network element of claim 6, wherein the first 
memory is a content-addressable memory, 

8. The method of claim 1, wherein step (j) includes 
modifying the packet header according to the result of step 

(h). 

9. A network element for forwarding packet on a network, 
the network element comprising: 

(a) at least one input port for receiving a packet; 

(b) processing logic for examining the packet and deter- 
mining a first search key and a second search key 
associated with a first protocol layer and a second 
protocol layer, respectively; 

(c) a memory adapted to have at least a portion of its 
contents searched simultaneously and output a result 
based on a search; 

(d) first search circuitry configured to search the memory 
using the first search key and causing the memory to 
output a first search result; 

(e) second search circuitry configured to search the 
memory using the second search key and causing the 
memory to output a second search result; 

at least one output port; 
(g) merge circuitry coupled to the memory, the merge 
circuitry configured to forward the packet to appropri- 
ate output ports, if any, of the at least one output port 
based on the first search result and the second search 
result. 

10. The network element of claim 9, wherein the memory 
comprises a first memory and a second memory, wherein at 
least one entry in the first memory points to a corresponding 
entry in the second memory, causing a search result to be 
output firom the second memory. 

11. The network element of claim 10, wherein the first 
memory is adapted to have at least a portion of its contents 
searched simultaneously. 

12. The network element of claim 11, wherein the first 
memory is a content-addressable memory. 

13. A network element for forwarding packets on a 
network, the network element comprising: 
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(a) at least one input port configured to receive a packet; 

(b) header processing logic configured to examine packet 
header information for determining a first search key 
and a second search key associated with a first protocol 
layer and a second protocol layer, respectively; 

(c) a memory; 

(d) first search logic coupled to the memory, the first 
search logic configured to cause the memory to output 
a first search result based on the first search key; 

(e) second search logic coupled to the memory, the second 
search logic configured to cause the memory to output 
a second search result based on the second search key; 

(f) at least one output port; 

(g) merge logic, coupled to the memory, configured to 
forward the packet to appropriate output ports, if any, 
of the at least one output port based on the first search 
result and the second search result. 

14. The network element of claim 13, wherein the 
memory is adapted to have at least a portion of its contents 
searched simultaneously. 

15. The network element of claim 14, wherein the 
memory is a content addressable memory. 

16. The network element of claim 13, wherein the 
memory comprises a first memory and a second memory, 
wherein each entry in the first memory is adapted to point to 
a corresponding entry in the second memory, causing the 
results to be output from the second memory. 

17. The network element of claim 15, wherein the first 
memory is adapted to have at least a portion of its contents 
searched simultaneously. 

18. The network element of claim 17, wherein the first 
memory is a content-addressable memory. 

19. A network element for forwarding packets on a 
network, the network element comprising: 

(a) at least one input port configured to receive a packet; 

(b) processing logic configured to determine first packet 
information and second packet information from 
packet header information associated with a first pro- 
tocol layer and a second protocol layer, respectively; 

(c) a memory; 

(d) memory access logic coupled to the memory, the 
memory access logic configured to access the memory 
using a first address determined as a function of the first 
packet information to produce a first result and a 
second address determined as a function of the second 
packet information to produce a second result; 

(e) at least one output port; and 

(f) merge logic coupled to the memory, the merge logic 
configured to forward the packet to an appropriate 
output port of the at least one output port based on the 
first result and the second result. 

20. The network element of claim 19, wherein the 
memory access logic is a content-addressable memory. 

21. The network element of claim 19, wherein the 
memory access logic is based on a hashing function, 

22. An apparatus for making a forwarding decision for a 
packet entering a network element having at least one input 
port and at least one output port, wherein the packet enters 
the network element on an input port and exits the network 
element on appropriate output ports, the apparatus compris- 
ing: 

header logic configured to output, based on header infor- 
mation in the packet, a first search key associated with 
a first protocol layer, a second search key associated 
with a second protocol layer, and a default result; 
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a memory configured to output a first forwarding result in 
response to receiving the first search key from the 
header logic, and to output a second forwarding result 
in response to receiving the second search key; 
merge logic configured to output information about 
appropriate output ports in response to the default 
result, the first forwarding result, and the second for- 
warding result; and 
forwarding logic configured to direct the packet from the 
input port to the appropriate output ports based on the 
information about the appropriate output ports. 

23. The apparatus of claim 22, further including: 
a packet memory; 

a packet memory manager configured to signal to the 
input port a location in the memory available to store a 
portion of the packet, to accept the packet firom the 
input port and store the packet in the location, and to 
transmit the packet to the appropriate output port upon 
request from the output port; and 
wherein the forwarding logic includes pointer passing 
logic configured to pass the location from the input port 
to the appropriate output port. 

24. The apparatus of claim 22, wherein the input port and 
25 the output port are configured to modify the contents of the 

packet header. 

25. The method of claim 1, wherein the first packet 
information includes VLAN information and step (e) 
includes using an entry matching only VLAN information. 

26. A method of forwarding packets comprising the steps 
of: 

receiving a packet firom a network at an input port; 
generating a first forwarding decision based upon infor- 
mation in a data link layer of the packet; 
generating a second forwarding decision based upon 

information in a network layer of the packet; 
determining a resulting forwarding decision based upon 
the first forwarding decision and the second forwarding 
decision; and 

forwarding the packet to one or more output ports iden- 
tified by the resulting forwarding decision. 

27. The method of claim 26, wherein the packet includes 
header information, and wherein the step of generating a first 
forwarding decision based upon information in a data link 
layer of the packet comprises the steps of: 

creating a first search key based upon a first portion of the 

header information; 
simultaneously searching entries in a memory for a 
matching entry that matches the fnst search key; and 
determining the first forwarding decision based upon the 
matching entry. 

28. The method of claim 27, wherein the packet includes 
header information, and wherein the step of generating a 
second forwarding decision based upon information in a 
network layer of the packet comprises the steps of: 

identifying a class of a plurality of classes with which the 
packet is associated based upon the header information; 
creating a second search key based upon one or more 
fields in the header information, the one or more fields 
conditional upon the class; 
simultaneously searching entries in the memory for 

entries associated with the second search key; and 
determining the second forwarding decision based upon 
the class or an entry associated with the second search 
key. 
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29. The method of claim 28, wherein the step of deter- 
mining a resulting forwarding decision based upon the first 
forwarding decision and the second forwarding decision 
comprises the step of merging the first forwarding decision 
and the second forwarding decision by selecting between the 
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first forwarding decision and the second forwarding decision 
or combining aspects of both the first forwarding decision 
and the second forwarding decision. 

« « * * * 
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